{
"Source": "CVE FEED",
"Title": "CVE-2025-58323 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-58323
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58323 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-58323
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39245 - HikCentral Master Lite CSV Injection Vulnerability",
"Content": "CVE ID : CVE-2025-39245
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39245 - HikCentral Master Lite CSV Injection Vulnerability",
"Content": "CVE ID : CVE-2025-39245
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39246 - HikCentral FocSign Unquoted Service Path Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-39246
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39246 - HikCentral FocSign Unquoted Service Path Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-39246
Published : Aug. 29, 2025, 3:15 a.m. | 1 hour, 3 minutes ago
Description : There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9602 - Xinhu RockOA Remote Authorization Bypass",
"Content": "CVE ID : CVE-2025-9602
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9602 - Xinhu RockOA Remote Authorization Bypass",
"Content": "CVE ID : CVE-2025-9602
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9603 - Telesquare TLR-2005KSH Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9603
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9603 - Telesquare TLR-2005KSH Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9603
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9604 - Coze-Studio Hardcoded Cryptographic Key Vulnerability",
"Content": "CVE ID : CVE-2025-9604
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key
. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt."
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9604 - Coze-Studio Hardcoded Cryptographic Key Vulnerability",
"Content": "CVE ID : CVE-2025-9604
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key
. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt."
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9601 - iSourcecode Apartment Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9601
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9601 - iSourcecode Apartment Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9601
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9374 - "Ultimate Tag Warrior Importer CSRF"",
"Content": "CVE ID : CVE-2025-9374
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9374 - "Ultimate Tag Warrior Importer CSRF"",
"Content": "CVE ID : CVE-2025-9374
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9441 - WordPress iATS Online Forms SQL Injection",
"Content": "CVE ID : CVE-2025-9441
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the โorder' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9441 - WordPress iATS Online Forms SQL Injection",
"Content": "CVE ID : CVE-2025-9441
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the โorder' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53507 - iND Co.,Ltd iND Product Sensitive Information Disclosure",
"Content": "CVE ID : CVE-2025-53507
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53507 - iND Co.,Ltd iND Product Sensitive Information Disclosure",
"Content": "CVE ID : CVE-2025-53507
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-53508
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-53508
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8147 - WordPress LWSCache Plugin Authorization Bypass",
"Content": "CVE ID : CVE-2025-8147
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8147 - WordPress LWSCache Plugin Authorization Bypass",
"Content": "CVE ID : CVE-2025-8147
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8290 - WordPress List Subpages Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8290
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โtitleโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8290 - WordPress List Subpages Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8290
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โtitleโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8619 - Elementor OSM Map Widget Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8619
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8619 - Elementor OSM Map Widget Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8619
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9639 - Ai3 QbiCRMGateway Arbitrary File Reading Vulnerability",
"Content": "CVE ID : CVE-2025-9639
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9639 - Ai3 QbiCRMGateway Arbitrary File Reading Vulnerability",
"Content": "CVE ID : CVE-2025-9639
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9619 - Mercatus ERP Remote Resource ID Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-9619
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9619 - Mercatus ERP Remote Resource ID Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-9619
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9610 - Code-projects Online Event Judging System SQL Injection",
"Content": "CVE ID : CVE-2025-9610
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9610 - Code-projects Online Event Judging System SQL Injection",
"Content": "CVE ID : CVE-2025-9610
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9609 - Portabilis i-Educar Improper Authorization Remote Code Execution",
"Content": "CVE ID : CVE-2025-9609
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9609 - Portabilis i-Educar Improper Authorization Remote Code Execution",
"Content": "CVE ID : CVE-2025-9609
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8861 - "Changing TSA Missing Authentication Vulnerability"",
"Content": "CVE ID : CVE-2025-8861
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8861 - "Changing TSA Missing Authentication Vulnerability"",
"Content": "CVE ID : CVE-2025-8861
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8858 - Changing Clinic Image System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-8858
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8858 - Changing Clinic Image System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-8858
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8857 - Changing Clinic Image System Hard-Coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-8857
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8857 - Changing Clinic Image System Hard-Coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-8857
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น